Computer Security Resource Center

Welcome to the Underground Bookstore, a site dedicated to providing you with the latest knowledge about the BlackHat community as well as current trends in Computer, Network, and Information Security. The selections in our bookstore are handpicked to help you gain the knowledge and insights you need to properly defend your network and computer systems from the constantly evolving threats that are developed by the Underground or cyber criminal community.

The Information Security (InfoSec) field has had to grow exponentially over the past two decades to accommodate the corresponding growth of data. We live in a digital age where the majority of information now exists in formats whose confidentiality, integrity, and availability are easily compromised if safeguards are not taken to protect it. This data protection must occur from end to end, which means any security mechanism must work seamlessly while the data is in storage, in transit, or on display. The sheer number of different devices that process digital data today makes this a daunting task for the information custodians who are responsible for safeguarding it. Industry-accepted security standards have helped somewhat, but it is impossible to keep up with the vulnerabilities that are found every day in personal computers, smart phones, networking equipment, etc. Hacker communities find and share ways to exploit these vulnerabilities well ahead of the fixes and patches that eventually get released.

While it may seem like an impossible battle to win, there are actions and strategies you can use to slow the onslaught. Deploying a defense-in-depth strategy is an effective way to mitigate the risks created by any one particular vulnerability that arises. Never assume any of your security devices or methods will stop every attack. A single managed firewall or web content filter is no longer sufficient due to the onslaught of advanced persistent threats (APTs), which are designed to continuously scan for vulnerabilities around the clock. If you stack several layers of defense on top of each other, you will make your network a much less attractive target to a hacker, who would be required to do more work to penetrate it further. They will generally move on to the next easy target if gaining access to yours proves to be too cumbersome. An example of defense in depth is having a perimeter firewall, hard drive encryption, and secure door access to all server rooms.

For the home user, some of the most effective measures you can take are to use an anti-virus program on your computer, use strong passwords for all online accounts, and not use WEP encryption on your wireless router or wireless access point. Wired Equivalent Privacy (WEP) remains the most popular mode of Wi-Fi today, more than ten years after it was cracked. No communications over it should be considered secure, so you should always choose WPA or higher if available. If you are browsing the web from a public place that only has WEP, then you should use an SSL VPN service to encrypt your communications so that others cannot eavesdrop on your email, browser sessions, or instant messaging.

Corporations and large organizations have a much more challenging task in securing their information, mostly because they are higher-profile and more lucrative targets. There are also hundreds or thousands of identities that must be considered. A proper identity management system that can manage the entire identity life-cycle is a must for any organization that is serious about security. Access management is another area that is often plagued by vulnerabilities and is often the first place the Underground will probe when trying to penetrate a network. Data protection systems that can encrypt data through all stages of its transit are key to safeguarding information.

Everyone seems to be publishing content these days. Unfortunately, the implementation of sound security practices has not kept up with the boom in web publishing options. More and more personal and business websites get hacked every day. An easy way to minimize your risk is to stick to one of the top 10 best web hosting companies. Most have consistently high-quality customer feedback and plenty of experience in thwarting common attacks. They can host your site and provide the security options essential for an online presence to survive on today’s Internet. Avoid low-cost hosting. Those providers usually skimp on security measures to be able to offer cheap hosting. It is also recommended to avoid web hosting companies like Dreamhost and Web Hosting Pad, which are notorious for unscrupulous customer care.